[openssh] add CAVS test driver for the aes-ctr ciphers
Tomáš Mráz
tmraz at fedoraproject.org
Fri Jan 13 17:28:53 UTC 2012
commit 017c65d99b8343a2a794c0cfb366aa8fb007f575
Author: Tomas Mraz <tmraz at fedoraproject.org>
Date: Fri Jan 13 18:28:47 2012 +0100
add CAVS test driver for the aes-ctr ciphers
openssh-5.9p1-ctr-cavstest.patch | 250 ++++++++++++++++++++++++++++++++++++++
openssh.spec | 11 ++-
2 files changed, 259 insertions(+), 2 deletions(-)
---
diff --git a/openssh-5.9p1-ctr-cavstest.patch b/openssh-5.9p1-ctr-cavstest.patch
new file mode 100644
index 0000000..c260925
--- /dev/null
+++ b/openssh-5.9p1-ctr-cavstest.patch
@@ -0,0 +1,250 @@
+diff -up openssh-5.9p1/ctr-cavstest.c.ctr-cavs openssh-5.9p1/ctr-cavstest.c
+--- openssh-5.9p1/ctr-cavstest.c.ctr-cavs 2012-01-13 15:59:06.584283289 +0100
++++ openssh-5.9p1/ctr-cavstest.c 2012-01-13 18:21:33.791941027 +0100
+@@ -0,0 +1,208 @@
++/*
++ *
++ * invocation (all of the following are equal):
++ * ./ctr-cavstest --algo aes128-ctr --key 987212980144b6a632e864031f52dacc --mode encrypt --data a6deca405eef2e8e4609abf3c3ccf4a6
++ * ./ctr-cavstest --algo aes128-ctr --key 987212980144b6a632e864031f52dacc --mode encrypt --data a6deca405eef2e8e4609abf3c3ccf4a6 --iv 00000000000000000000000000000000
++ * echo -n a6deca405eef2e8e4609abf3c3ccf4a6 | ./ctr-cavstest --algo aes128-ctr --key 987212980144b6a632e864031f52dacc --mode encrypt
++ */
++
++#include "includes.h"
++
++#include <sys/types.h>
++#include <sys/param.h>
++#include <stdarg.h>
++#include <stdio.h>
++#include <stdlib.h>
++#include <string.h>
++#include <ctype.h>
++
++#include "xmalloc.h"
++#include "log.h"
++#include "cipher.h"
++
++/* compatibility with old or broken OpenSSL versions */
++#include "openbsd-compat/openssl-compat.h"
++
++void usage(void) {
++ fprintf(stderr, "Usage: ctr-cavstest --algo <ssh-crypto-algorithm>\n"
++ " --key <hexadecimal-key> --mode <encrypt|decrypt>\n"
++ " [--iv <hexadecimal-iv>] --data <hexadecimal-data>\n\n"
++ "Hexadecimal output is printed to stdout.\n"
++ "Hexadecimal input data can be alternatively read from stdin.\n");
++ exit(1);
++}
++
++void *fromhex(char *hex, size_t *len)
++{
++ unsigned char *bin;
++ char *p;
++ size_t n = 0;
++ int shift = 4;
++ unsigned char out = 0;
++ unsigned char *optr;
++
++ bin = xmalloc(strlen(hex)/2);
++ optr = bin;
++
++ for (p = hex; *p != '\0'; ++p) {
++ unsigned char c;
++
++ c = *p;
++ if (isspace(c))
++ continue;
++
++ if (c >= '0' && c <= '9') {
++ c = c - '0';
++ } else if (c >= 'A' && c <= 'F') {
++ c = c - 'A' + 10;
++ } else if (c >= 'a' && c <= 'f') {
++ c = c - 'a' + 10;
++ } else {
++ /* truncate on nonhex cipher */
++ break;
++ }
++
++ out |= c << shift;
++ shift = (shift + 4) % 8;
++
++ if (shift) {
++ *(optr++) = out;
++ out = 0;
++ ++n;
++ }
++ }
++
++ *len = n;
++ return bin;
++}
++
++#define READ_CHUNK 4096
++#define MAX_READ_SIZE 1024*1024*100
++char *read_stdin(void)
++{
++ char *buf;
++ size_t n, total = 0;
++
++ buf = xmalloc(READ_CHUNK);
++
++ do {
++ n = fread(buf + total, 1, READ_CHUNK, stdin);
++ if (n < READ_CHUNK) /* terminate on short read */
++ break;
++
++ total += n;
++ buf = xrealloc(buf, total + READ_CHUNK, 1);
++ } while(total < MAX_READ_SIZE);
++ return buf;
++}
++
++int main (int argc, char *argv[])
++{
++
++ Cipher *c;
++ CipherContext cc;
++ char *algo = "aes128-ctr";
++ char *hexkey = NULL;
++ char *hexiv = "00000000000000000000000000000000";
++ char *hexdata = NULL;
++ char *p;
++ int i;
++ int encrypt = 1;
++ void *key;
++ size_t keylen;
++ void *iv;
++ size_t ivlen;
++ void *data;
++ size_t datalen;
++ void *outdata;
++
++ for (i = 1; i < argc; ++i) {
++ if (strcmp(argv[i], "--algo") == 0) {
++ algo = argv[++i];
++ } else if (strcmp(argv[i], "--key") == 0) {
++ hexkey = argv[++i];
++ } else if (strcmp(argv[i], "--mode") == 0) {
++ ++i;
++ if (argv[i] == NULL) {
++ usage();
++ }
++ if (strncmp(argv[i], "enc", 3) == 0) {
++ encrypt = 1;
++ } else if (strncmp(argv[i], "dec", 3) == 0) {
++ encrypt = 0;
++ } else {
++ usage();
++ }
++ } else if (strcmp(argv[i], "--iv") == 0) {
++ hexiv = argv[++i];
++ } else if (strcmp(argv[i], "--data") == 0) {
++ hexdata = argv[++i];
++ }
++ }
++
++ if (hexkey == NULL || algo == NULL) {
++ usage();
++ }
++
++ SSLeay_add_all_algorithms();
++
++ c = cipher_by_name(algo);
++ if (c == NULL) {
++ fprintf(stderr, "Error: unknown algorithm\n");
++ return 2;
++ }
++
++ if (hexdata == NULL) {
++ hexdata = read_stdin();
++ } else {
++ hexdata = xstrdup(hexdata);
++ }
++
++ key = fromhex(hexkey, &keylen);
++
++ if (keylen != 16 && keylen != 24 && keylen == 32) {
++ fprintf(stderr, "Error: unsupported key length\n");
++ return 2;
++ }
++
++ iv = fromhex(hexiv, &ivlen);
++
++ if (ivlen != 16) {
++ fprintf(stderr, "Error: unsupported iv length\n");
++ return 2;
++ }
++
++ data = fromhex(hexdata, &datalen);
++
++ if (data == NULL || datalen == 0) {
++ fprintf(stderr, "Error: no data to encrypt/decrypt\n");
++ return 2;
++ }
++
++ cipher_init(&cc, c, key, keylen, iv, ivlen, encrypt);
++
++ xfree(key);
++ xfree(iv);
++
++ outdata = malloc(datalen);
++ if(outdata == NULL) {
++ fprintf(stderr, "Error: memory allocation failure\n");
++ return 2;
++ }
++
++ cipher_crypt(&cc, outdata, data, datalen);
++
++ xfree(data);
++
++ cipher_cleanup(&cc);
++
++ for (p = outdata; datalen > 0; ++p, --datalen) {
++ printf("%02X", (unsigned char)*p);
++ }
++
++ xfree(outdata);
++
++ printf("\n");
++ return 0;
++}
++
+diff -up openssh-5.9p1/Makefile.in.ctr-cavs openssh-5.9p1/Makefile.in
+--- openssh-5.9p1/Makefile.in.ctr-cavs 2012-01-13 15:59:06.539282357 +0100
++++ openssh-5.9p1/Makefile.in 2012-01-13 15:59:06.588283373 +0100
+@@ -28,6 +28,7 @@ SSH_KEYSIGN=$(libexecdir)/ssh-keysign
+ SSH_LDAP_HELPER=$(libexecdir)/ssh-ldap-helper
+ SSH_LDAP_WRAPPER=$(libexecdir)/ssh-ldap-wrapper
+ SSH_KEYCAT=$(libexecdir)/ssh-keycat
++CTR_CAVSTEST=$(libexecdir)/ctr-cavstest
+ SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper
+ PRIVSEP_PATH=@PRIVSEP_PATH@
+ SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@
+@@ -63,7 +64,7 @@ EXEEXT=@EXEEXT@
+ MANFMT=@MANFMT@
+ INSTALL_SSH_LDAP_HELPER=@INSTALL_SSH_LDAP_HELPER@
+
+-TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-ldap-helper$(EXEEXT) ssh-keycat$(EXEEXT)
++TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-ldap-helper$(EXEEXT) ssh-keycat$(EXEEXT) ctr-cavstest$(EXEEXT)
+
+ LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o bufbn.o buffer.o \
+ canohost.o channels.o cipher.o cipher-acss.o cipher-aes.o \
+@@ -171,6 +172,9 @@ ssh-ldap-helper$(EXEEXT): $(LIBCOMPAT) l
+ ssh-keycat$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keycat.o
+ $(LD) -o $@ ssh-keycat.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lfipscheck $(SSHDLIBS)
+
++ctr-cavstest$(EXEEXT): $(LIBCOMPAT) libssh.a ctr-cavstest.o
++ $(LD) -o $@ ctr-cavstest.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lfipscheck $(LIBS)
++
+ ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o roaming_dummy.o
+ $(LD) -o $@ ssh-keyscan.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lfipscheck $(LIBS)
+
+@@ -271,6 +275,7 @@ install-files:
+ $(INSTALL) -m 0700 ssh-ldap-wrapper $(DESTDIR)$(SSH_LDAP_WRAPPER) ; \
+ fi
+ $(INSTALL) -m 0755 $(STRIP_OPT) ssh-keycat$(EXEEXT) $(DESTDIR)$(libexecdir)/ssh-keycat$(EXEEXT)
++ $(INSTALL) -m 0755 $(STRIP_OPT) ctr-cavstest$(EXEEXT) $(DESTDIR)$(libexecdir)/ctr-cavstest$(EXEEXT)
+ $(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT)
+ $(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
+ $(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
diff --git a/openssh.spec b/openssh.spec
index 519e66b..d1e87a2 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -75,7 +75,7 @@
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
%define openssh_ver 5.9p1
-%define openssh_rel 15
+%define openssh_rel 16
%define pam_ssh_agent_ver 0.9.2
%define pam_ssh_agent_rel 32
@@ -198,6 +198,8 @@ Patch710: openssh-5.9p1-copy-id-restorecon.patch
Patch711: openssh-5.9p1-log-usepam-no.patch
# make aes-ctr ciphers use EVP engines such as AES-NI from OpenSSL
Patch712: openssh-5.9p1-ctr-evp-fast.patch
+# add cavs test binary for the aes-ctr
+Patch713: openssh-5.9p1-ctr-cavstest.patch
#http://www.sxw.org.uk/computing/patches/openssh.html
Patch800: openssh-5.9p1-gsskex.patch
@@ -446,6 +448,7 @@ popd
%patch710 -p1 -b .restorecon
%patch711 -p1 -b .log-usepam-no
%patch712 -p1 -b .evp-ctr
+%patch713 -p1 -b .ctr-cavs
%patch800 -p1 -b .gsskex
%patch801 -p1 -b .force_krb
@@ -697,6 +700,7 @@ fi
%attr(0644,root,root) %{_mandir}/man1/ssh-keygen.1*
%attr(0755,root,root) %dir %{_libexecdir}/openssh
%attr(2111,root,ssh_keys) %{_libexecdir}/openssh/ssh-keysign
+%attr(0755,root,root) %{_libexecdir}/openssh/ctr-cavstest
%attr(0644,root,root) %{_mandir}/man8/ssh-keysign.8*
%endif
%if %{scard}
@@ -791,7 +795,10 @@ fi
%endif
%changelog
-* Tue Dec 06 2011 Tomas Mraz <tmraz at redhat.com> 5.9p1-15 + 0.9.2-32
+* Fri Dec 13 2011 Tomas Mraz <tmraz at redhat.com> 5.9p1-16 + 0.9.2-32
+- add CAVS test driver for the aes-ctr ciphers
+
+* Wed Dec 11 2011 Tomas Mraz <tmraz at redhat.com> 5.9p1-15 + 0.9.2-32
- enable aes-ctr ciphers use the EVP engines from OpenSSL such as the AES-NI
* Tue Dec 06 2011 Petr Lautrbach <plautrba at redhat.com> 5.9p1-14 + 0.9.2-32
More information about the scm-commits
mailing list